Congress promises more hearings on Kaspersky

There will need to be more, because Wednesday's offered little in the way of substance on the ongoing saga.

Little substance was offered on Capitol Hill Wednesday at the first of multiple hearings examining the accusations swirling around Kaspersky Lab’s alleged espionage actions against the United States.

None of the witnesses came from the Department of Homeland Security, which banned Kaspersky from federal systems, nor the White House, which backed the decision, nor the intelligence community, which provided the data and intelligence behind the directive. Instead, officials from NIST, GSA and two private companies gave no new insight into the case. It’s unclear why these witnesses were chosen to testify instead of other options more closely involved in the case.

More hearings on the Moscow-based cybersecurity firm are likely on the way, but it’s not clear if any U.S. government experts or Kaspersky employees will be present. CEO Eugene Kaspersky was invited to a hearing originally scheduled in September, but Congress has been silent since the hearing was canceled. Eugene successfully obtained a visa and can travel to the U.S. if invited to Capitol Hill.

There are U.S. officials actively pushing against Eugene Kaspersky being invited to testify. Rep. Darin LaHood, R-Ill., refused to commit to any specifics, saying instead that he will “entertain” re-inviting the CEO or another Kaspersky employee to a future hearing on the subject.


Just hours before the hearing, Kaspersky again denied accusations of inappropriate actions and published the preliminary results of an internal investigation into charges that the company was breached as part of an espionage campaign against the United States. The blog claimed an NSA employee who brought home classified material also downloaded and installed pirated software on his machine, which was detected by Kaspersky software.

After infection, the user “scanned the computer multiple times which resulted in detections of new and unknown variants of” the malware, Kaspersky wrote, which resulted in the malware being submitted to Kaspersky for analysis.

The malware source code was reported to Eugene Kaspersky, who says he didn’t share it with anyone and subsequently deleted the archive.

The particular malware allegedly downloaded by this user, Win32.Mokes.hvl, allows backdoor capabilities including stealing a target’s sensitive data. That adds yet another layer of potential spying, making the timeline on this saga: An Israeli hacking group is accused of spying on Kaspersky, which is accused of spying on the U.S., while the U.S. is also accused of running honeypots to watch Kaspersky.

Wednesday’s hearing regularly veered away from Kaspersky and into various charges against Russia for interfering with the 2016 U.S. elections, in which Kaspersky has never been implicated as some sort of accomplice. This lack of focus, along with the pointed lack of relevant expertise, was among the reasons the hearing was so poorly received by many observers.


The accusations against Kaspersky, so far based on anonymous media reports, allege that the company’s software was deliberately used to look for classified U.S. data. It’s clear from both the media reports and this congressional hearing that much of the detail surrounding the reasoning behind U.S. action against Kaspersky remains shrouded in secrecy, so it’s not a surprise that more hearings are on the way.

Written by Patrick Howell O'Neill

Patrick Howell O’Neill is a cybersecurity reporter for CyberScoop based in San Francisco.
